Class CertUtil
- java.lang.Object
-
- org.dcache.xrootd.plugins.authn.gsi.CertUtil
-
public class CertUtil extends java.lang.ObjectCertUtil - convenience methods for certificate processing- Author:
- radicke, tzangerl
-
-
Constructor Summary
Constructors Constructor Description CertUtil()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static java.lang.StringcertToPEM(java.security.cert.X509Certificate certificate)Encodes to PEM format with default X.509 certificate header/footerstatic java.lang.StringchainToPEM(java.lang.Iterable<java.security.cert.X509Certificate> certificates)static java.lang.StringcomputeHash(java.security.MessageDigest md, javax.security.auth.x500.X500Principal principal)Computes the hash from the principal, using the passed-in digest (usually MD5).static java.lang.StringcomputeMD5Hash(javax.security.auth.x500.X500Principal principal)Convenience method to compute a openssl-compatible md5 hashstatic byte[]fromPEM(java.lang.String pem, java.lang.String header, java.lang.String footer)Decodes PEM by removing the given header and footer, and decodes the inner content with base64.static java.util.List<java.security.cert.X509Certificate>prepend(java.security.cert.X509Certificate certificate, java.security.cert.X509Certificate[] chain)Rebuild the cert chain by adding the new cert in first position.static java.lang.StringtoPEM(byte[] der, java.lang.String header, java.lang.String footer)Encodes to PEM.
-
-
-
Method Detail
-
prepend
public static java.util.List<java.security.cert.X509Certificate> prepend(java.security.cert.X509Certificate certificate, java.security.cert.X509Certificate[] chain)Rebuild the cert chain by adding the new cert in first position.- Parameters:
certificate- to prependchain- current- Returns:
- new chain
-
fromPEM
public static byte[] fromPEM(java.lang.String pem, java.lang.String header, java.lang.String footer)Decodes PEM by removing the given header and footer, and decodes the inner content with base64.- Parameters:
pem- the full PEM-encoded data including header + footerheader- the header to be striped offfooter- the footer to be striped off- Returns:
- the content in DER format
-
certToPEM
public static java.lang.String certToPEM(java.security.cert.X509Certificate certificate)
Encodes to PEM format with default X.509 certificate header/footer- Parameters:
certificate- the certificate to be encoded- Returns:
- the PEM-encoded String
-
chainToPEM
public static java.lang.String chainToPEM(java.lang.Iterable<java.security.cert.X509Certificate> certificates)
-
toPEM
public static java.lang.String toPEM(byte[] der, java.lang.String header, java.lang.String footer)Encodes to PEM. The content is base64-encoded and the header and footer is added.- Parameters:
der- the content to be encodedheader- the header linefooter- the footer line- Returns:
- the PEM-encoded String
-
computeMD5Hash
public static java.lang.String computeMD5Hash(javax.security.auth.x500.X500Principal principal)
Convenience method to compute a openssl-compatible md5 hash- Parameters:
principal- the principal (either issuer or subject)- Returns:
- the 8-digit hexadecimal hash string
-
computeHash
public static java.lang.String computeHash(java.security.MessageDigest md, javax.security.auth.x500.X500Principal principal)Computes the hash from the principal, using the passed-in digest (usually MD5). After applying the digest on the DER-encoded principal, the first 4 bytes of the computed hash are taken and interpreted as a hexadecimal integer in Little Endian. This corresponds to the openssl hash mechanism. Keep a cache of principals, as this method will often be called with the same principal (to avoid costly rehashing).- Parameters:
md- the digest instanceprincipal- the principal (subject or issuer)- Returns:
- the 8-digit hexadecimal hash
-
-